Re: why cannot I use heur_dissector_add("ip", .....

[John x <xiachangqin66 () hotmail com>]

Thank you

Yes it is that TTL changes in-flight. But my packets are captured on a specific link, there are only 2 or 3 kinds of 
packets. The way to distinguish them is only the TTL value. 

So here if IP.ttl doesnot work, how to instruct wireshark to handoff the 3 different kinds of packets to my 3 different 
dissectors?

Thanks


> From: guy () alum mit edu
> Date: Sun, 26 Jun 2011 11:58:17 -0700
> To: wireshark-dev () wireshark org
> Subject: Re: [Wireshark-dev] why cannot I use heur_dissector_add("ip", .....
>
>
> On Jun 25, 2011, at 11:45 PM, John x wrote:
>
> > but here I want to use ip.ttl to instruct wireshark to handoff packet to my dissector.
>
> Why?  The TTL value changes in-flight, so it cannot be meaningfully used to distinguish what protocol is being 
> carried in an IP packet.
>
> > In my specific situation, ip.ttl is my only way to distinguish my packets.
>
> What is your specific situation?  What is it you're trying to do?
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe